Despite pressures to do so, many companies have yet to implement practices for better risk management. Such practices, whether implementing Enterprise-wide Risk Management or putting better information in the hands of directors, greatly improve corporate governance, these authors discovered. Moreover, they make the risk manager's job much more important.
The huge losses experienced by Barings Bank and Daiwa bank in the 1990s and the more recent implosions of Enron and WorldCom have underlined the reality that effective risk management and corporate governance go hand in hand. In Canada, this was first made explicit in the Toronto Stock Exchangecommissioned report, Where Were the Directors ?, also known as the Dey Report. In response, the TSE adopted 14 recommendations of the report as best-practice guidelines for listed companies. The guidelines suggest that the board of directors should assume responsibility for stewardship, including strategic planning, risk management, and internal control. Specifically, the guidelines recommend that boards assume responsibility for "the identification of the principal business risks of the corporation's business, ensuring the implementation of appropriate systems to manage these risks."
In 1999, the TSE completed a follow-up survey, Five Years to the Dey . This report was designed to evaluate developments in corporate governance and the relevance of the previous report's recommendations. The report stated that:
"The research findings present a complex picture. On one hand, it is clear that most corporations take the TSE guidelines seriously. Many of the largest companies that account for the greatest proportion of Canadian equity investment are leaders in corporate governance. A number of the TSE guidelines are now broadly accepted business practices. On the other hand, important areas remain where general practice falls short of the guidelines' intent."
One finding of the 1999 report was that many boards, especially those in resource industries, have no formal process for evaluating risk. Thirty-nine percent of participating companies had no formal process, while 55 percent in the gold and precious minerals sector had no formal process. These results raise the question of whether or not the TSE guidelines are having the intended effect on companies' behavior.
In this paper, we address an important, related issue: how have the TSE guidelines affected companies' risk management strategies? How have companies responded to the requirement for more comprehensive risk management practices and according to risk managers, what is the next step in the evolution of their discipline?
Enterprise Risk management
To assess these issues, we surveyed all members of the Canadian Risk and Insurance Management Society (RIMS); we supplemented our survey results with interviews with 21 of the respondents. While our results suggest that the guidelines have influenced risk management practices for many companies, they also reveal that a number of companies have yet to change their practices.
In effect, the TSE guidelines encourage companies to adopt an Enterprise Risk Management (ERM) approach to risk management, that is to manage risk using a more holistic, or strategic, view of risk, rather than the traditional silo approach. However, such a change does not occur easily, nor is there a great deal of experience to show companies how it should be done. Hence, to determine the extent to which Canadian companies have adopted ERM, we sent a survey to all members of the RIMS. We sent out 336 surveys and received 118 back.
The results of the survey show that 37 out of 118 firms have adopted ERM, 34 are currently investigating ERM, and 47 are not considering ERM. Of those that have implemented ERM, 16 are listed on the TSE; 13 have a position called Chief Risk Officer. Of those firms using ERM, 37 percent said that compliance with the TSE guidelines was a driving force behind their decision, while 51 percent said it was due to encouragement from the board of directors. …